Legal claims defining the scope of protection, as filed with the USPTO.
1. A method comprising: accessing, by a commercial entity subsystem, an authorization key from a processor of an electronic device, the commercial entity subsystem being separate and remote from the electronic device; deriving, by the commercial entity subsystem, a transport key of a security domain of a secure element of the electronic device; leveraging the derived transport key for securely generating a shared commercial key on the security domain of the secure element; and after the leveraging, injecting, by the commercial entity subsystem and using the shared commercial key, the accessed authorization key onto the security domain of the secure element of the electronic device, wherein the electronic device is configured to use the injected authorization key for enabling a secure communication channel between the processor and the secure element of the electronic device.
2. The method of claim 1 , further comprising, after the accessing but before the injecting, at the commercial entity subsystem, leveraging a global identifier (“GID”) of the processor to authenticate the accessing.
3. The method of claim 2 , further comprising, prior to the accessing, receiving the GID at the commercial entity subsystem from a manufacturer of the processor.
4. The method of claim 1 , wherein: the deriving comprises deriving the transport key at the commercial entity subsystem using a master key; and prior to the deriving, the method comprises sharing the master key of the commercial entity subsystem with a vendor of the secure element.
5. The method of claim 4 , further comprising, prior to the accessing, at the vendor of the secure element: deriving the transport key at the vendor using the shared master key and a unique identifier of the secure element; and disposing the derived transport key and the unique identifier on the security domain of the secure element.
6. The method of claim 5 , wherein: the accessing comprises accessing the authorization key and the unique identifier from the electronic device; and the deriving the transport key at the commercial entity subsystem comprises deriving the transport key at the commercial entity subsystem using the master key and the accessed unique identifier.
7. The method of claim 1 , wherein leveraging the derived transport key for securely generating the shared commercial key on the security domain of the secure element comprises: generating an initial secure channel between the commercial entity subsystem and the secure element using the transport key, and using the initial secure channel to inject the shared commercial key onto the security domain of the secure element.
8. The method of claim 1 , wherein the injecting comprises the commercial entity subsystem leveraging the shared commercial key for injecting the authorization key into the secure element through a secure channel between the commercial entity subsystem and the secure element.
9. A method comprising: deriving an authorization key using a processor of an electronic device; after the deriving, sharing the derived authorization key, by the electronic device, with a commercial entity subsystem that is remote from the electronic device; leveraging a transport key of a security domain of a secure element of the electronic device for secure generation of a shared commercial key on the security domain of the secure element of the electronic device, after the leveraging, receiving, using the shared commercial key, the shared authorization key from the commercial entity subsystem on the security domain of the secure element of the electronic device; and after the receiving, using, at the electronic device, the received authorization key for enabling a secure communication channel between the processor and the secure element.
10. The method of claim 9 , wherein the deriving comprises using a processor identifier stored on the processor and a secure element identifier stored on the secure element.
11. The method of claim 10 , wherein the sharing comprises sharing the derived authorization key and the secure element identifier with the commercial entity subsystem.
12. The method of claim 9 , wherein the receiving comprises receiving the shared authorization key from the commercial entity subsystem with the secure element using a secure channel between the commercial entity subsystem and the secure element enabled by the shared commercial key.
13. The method of claim 12 , wherein: the deriving comprises using a processor identifier stored on the processor and a secure element identifier stored on the secure element; the sharing comprises sharing the derived authorization key and the secure element identifier with the commercial entity subsystem; and the transport key is derivable from the shared secure element identifier.
14. The method of claim 12 , further comprising, prior to the deriving, receiving the transport key at the secure element.
15. The method of claim 9 , further comprising, at the electronic device, leveraging the secure communication channel to alter a contactless registry service of the secure element.
16. An electronic device comprising: a processor component; and a secure element comprising a security domain, wherein: the processor component is operative to derive an authorization key; the processor component is further operative to share the derived authorization key with a commercial entity subsystem remote from the electronic device; the secure element is operative to leverage a transport key of the security domain for secure generation of a shared commercial key on the security domain; the secure element is operative to receive, on the security domain and using the shared commercial key, the shared authorization key from the commercial entity subsystem; and the secure element is further operative to use the received authorization key for enabling a secure communication channel between the processor component and the secure element.
17. The electronic device of claim 16 , wherein the processor component is further operative to use the secure communication channel for altering a contactless registry service of the secure element.
18. The electronic device of claim 16 , wherein: the processor component comprises an application processor and a secure processor; the application processor is operative to receive a request for the authorization key from the commercial entity subsystem; and the application processor is further operative to instruct the secure processor to derive the authorization key in response to the received request.
19. The electronic device of claim 18 , wherein the secure processor is operative to derive the authorization key using a unique processor identifier stored in the secure processor.
20. The electronic device of claim 18 , wherein the secure processor is operative to derive the authorization key using a unique processor identifier stored in the secure processor and a unique secure element identifier.
21. The electronic device of claim 18 , wherein the secure element is further operative to use the transport key to generate an initial secure channel with the commercial entity subsystem and to receive the shared commercial key from the commercial entity subsystem via the initial secure channel.
22. A non transitory computer readable medium comprising computer readable instructions recorded thereon for: accessing an authorization key, by a commercial entity subsystem, from a processor of an electronic device that is remote from the commercial entity subsystem; deriving, by the commercial entity subsystem, a transport key of a security domain of the secure element; leveraging the derived transport key for securely generating a shared commercial key on the security domain of the secure element; and injecting, by the commercial entity subsystem and using the shared commercial key, the accessed authorization key from the commercial entity subsystem onto the security domain of the secure element of the electronic device; and establishing a shared secret between the processor of the electronic device and the secure element of the electronic device with the injected authorization key.
23. The non transitory computer readable medium of claim 22 , further comprising additional computer readable instructions recorded thereon for, after the accessing but before the injecting, at the commercial entity subsystem, leveraging a global identifier (“GID”) of the processor to authenticate the accessing.
24. A system comprising: a processor manufacturer subsystem; a secure element vendor subsystem; and a commercial entity subsystem, wherein: the processor manufacturer subsystem stores processor identifier data on a processor; the processor manufacturer subsystem shares at least a portion of the processor identifier data with the commercial entity subsystem; the secure element vendor subsystem shares a master transport key with the commercial entity subsystem; the secure element vendor subsystem derives a secure transport key using the master transport key and secure element identifier data; the secure element vendor subsystem stores the secure transport key and the secure element identifier data on a security domain of a secure element; the commercial entity subsystem produces an electronic device comprising the processor and the secure element; the commercial entity subsystem accesses an authorization key from the processor of the electronic device; the commercial entity subsystem derives the master transport key of the security domain of the secure element; the commercial entity subsystem leverages the derived transport key for securely generating a shared commercial key on the security domain of the secure element; the commercial entity subsystem injects, using the shared commercial key, the accessed authorization key onto the security domain of the secure element of the electronic device; and the electronic device uses the injected authorization key for enabling a secure communication channel between the processor and the secure element.
25. The electronic device of claim 16 , wherein the secure element is separate from, and external to, the processor component.
26. The electronic device of claim 16 , wherein the authorization key comprises a symmetric key.
27. The system of claim 24 , wherein the processor manufacturer subsystem, the secure element vendor subsystem, and the commercial entity subsystem are each separate subsystems.
28. The system of claim 24 , wherein the processor of the electronic device is configured to derive the authorization key based at least in part on the processor identifier data stored on the processor by the processor manufacturer subsystem.
Unknown
November 16, 2021
Browse 5M+ US patents with plain-English claim translations and AI-generated analysis.